Announcing Privoxy 3.0.21 stable
--------------------------------------------------------------------
-This is a bug-fix release for Privoxy 3.0.20 beta. It also addresses
-a security issue that affects all previous Privoxy versions (on some
-platforms).
+Privoxy 3.0.21 stable is a bug-fix release for Privoxy 3.0.20 beta.
+It addresses two security issues that affect all previous Privoxy
+versions.
--------------------------------------------------------------------
ChangeLog for Privoxy
values above FD_SETSIZE are properly rejected. Previously they
could cause memory corruption in configurations that allowed
the limit to be reached.
+ - Proxy authentication headers are removed unless the new directive
+ enable-proxy-authentication-forwarding is used. Forwarding the
+ headers potentially allows malicious sites to trick the user
+ into providing them with login information.
+ Reported by Chris John Riley.
- Compiles on OS/2 again now that unistd.h is only included
on platforms that have it.
Reported by u302320 in #360284, additional feedback from Adam Piggott.
- Unblock '.advrider.com/' and '/.*ADVrider'.
Anonymously reported in #3603636.
+ - Stop blocking '/js/slider\.js'.
+ Reported by Adam Piggott in #3606635 and _lvm in #2791160.
- Filter file improvements:
- Added an iframes filter.
projects / privoxy.git / blobdiff